A new self-replicating supply-chain attack dubbed “IronWorm” has been discovered in the wild. Built in Rust and hiding behind an eBPF rootkit, this heavy infostealer targets software developers, with a specific focus on the crypto and web3 sectors. Similar to the Shai-Hulud worm, IronWorm weaponizes stolen credentials to silently inject itself into victims’ GitHub repositories […]
The post IronWorm Campaign Targets Developers Through Malicious npm Packages appeared first on Cyber Security News.